
Community,

Currently I'm installing BOSH/Cloud Foundry in a VPC with an active VPC Service Perimeter. This Perimeter is used to restrict the GCP Storage API to permit external access to GCP Storage buckets.

My problem is that BOSH is using the bosh-gce-light-stemcell as the default image. This image is stored in a publicly accessible GCP Storage bucket (here: https://storage.googleapis.com/bosh-gce-raw-stemcells/bosh-stemcell-621.77-google-kvm-ubuntu-xenial-go_agent-raw-1594663662.tar.gz).

I get the following error message:

result":null,"error":{"type":"Bosh::Clouds::CloudError","message":"Creating stemcell: Creating Google Image from URL: Failed to create Google Image: googleapi: Error 403: Request is prohibited by organization's policy.}

My question: Is it possible to consume artifacts outside of the Service Perimeter? If yes, what has to be done?

Update: I've solved it by triggering the BOSH deployment outside of the perimeter. This consumes all required stemcells and installs BOSH in the restricted environment.

bcubk
  • Can you please make sure the storage is not using the Requester Pays feature? You can check [documentation](https://cloud.google.com/vpc-service-controls/docs/supported-products#storage) to learn more about the limitation. – Mahboob Jul 23 '20 at 21:25
  • Hi @Mahboob, thank you for this information. – bcubk Jul 27 '20 at 11:29

0 Answers